CVE-2019-25380

MEDIUM

Smoothwall Express 3.1-SP4-polar-x86_64-update9 - Reflected Cross-Site Scripting in dhcp.cgi

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25380. PoCs published by Ozer Goker.

AI-analyzed exploit summary This exploit demonstrates multiple stored and reflected XSS vulnerabilities in Smoothwall Express 3.1-SP4-polar-x86_64-update9. The payloads are simple JavaScript alerts injected into various parameters of CGI scripts.

Description

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters such as BOOT_SERVER, BOOT_FILE, BOOT_ROOT, START_ADDR, END_ADDR, DNS1, DNS2, NTP1, NTP2, WINS1, WINS2, DEFAULT_LEASE_TIME, MAX_LEASE_TIME, DOMAIN_NAME, NIS_DOMAIN, NIS1, NIS2, STATIC_HOST, STATIC_DESC, STATIC_MAC, and STATIC_IP to execute arbitrary JavaScript in user browsers.

Exploits (1)

exploitdb WORKING POC

by Ozer Goker · textwebappscgi

https://www.exploit-db.com/exploits/46333

View Code ZIP pw:eip

This exploit demonstrates multiple stored and reflected XSS vulnerabilities in Smoothwall Express 3.1-SP4-polar-x86_64-update9. The payloads are simple JavaScript alerts injected into various parameters of CGI scripts.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Smoothwall Express 3.1-SP4-polar-x86_64-update9

No auth needed

Prerequisites: Access to the web interface of the target Smoothwall Express instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/46333

Various Sources product

http://www.smoothwall.org

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/smoothwall-express-dhcpcgi-cross-site-scripting

Scores

CVSS v3 6.1

EPSS 0.0022

EPSS Percentile 12.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

smoothwall/smoothwall_express 3.1 sp4

Published Feb 16, 2026

Tracked Since Feb 18, 2026